acb9cb7c8c8cc09bd3de1388e1e72b3ce6ddaa9fd8a26c86da42881d7cc568cd | Triage

Sharing

General

Target

ap.apk
Size

11.9MB
Sample

240522-nvcsssde63
MD5

7507ea4f1f90bd66b87effdc82076d4b
SHA1

086950d110fde1fd3ac0a7c25d83084b7adfcee0
SHA256

acb9cb7c8c8cc09bd3de1388e1e72b3ce6ddaa9fd8a26c86da42881d7cc568cd
SHA512

d4a3ed3abd4c4e839e0fb37d55a834408ab535f99aef70c41430b9d9660c045106319045beea940ec8882a0dd7e38be51cb9f1343511bf1820e07dc5638fd598
SSDEEP

196608:3idTbExZtkNa/esahvR++esrXfpC52SJIkvKFwuG7QBNydD8fQS72SVIjS6n5EmC:SpExsQeth5VesrXhCJIZwuGcBNydIfQc

Score

8^/10

android banker discovery evasion impact persistence

Malware Config

Targets

- Target
  
  ap.apk
- Size
  
  11.9MB
- MD5
  
  7507ea4f1f90bd66b87effdc82076d4b
- SHA1
  
  086950d110fde1fd3ac0a7c25d83084b7adfcee0
- SHA256
  
  acb9cb7c8c8cc09bd3de1388e1e72b3ce6ddaa9fd8a26c86da42881d7cc568cd
- SHA512
  
  d4a3ed3abd4c4e839e0fb37d55a834408ab535f99aef70c41430b9d9660c045106319045beea940ec8882a0dd7e38be51cb9f1343511bf1820e07dc5638fd598
- SSDEEP
  
  196608:3idTbExZtkNa/esahvR++esrXfpC52SJIkvKFwuG7QBNydD8fQS72SVIjS6n5EmC:SpExsQeth5VesrXhCJIZwuGcBNydIfQc
Score

8^/10

banker discovery evasion impact persistence
- Checks if the Android device is rooted.
  evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Checks Android system properties for emulator presence.
  evasion
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Acquires the wake lock
- Checks if the internet connection is available
  discovery
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Checks the presence of a debugger
  evasion
behavioral1

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

Broadcast Receivers

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Process Discovery

Software Discovery

Security Software Discovery

System Information Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

bankerdiscoveryevasionimpactpersistence